A coordinated operation against e-commerce fraud has resulted in the arrest of 59 suspected fraudsters and the activation of new investigative leads across Europe, as part of the eCommerce Action 2022 (eComm 2022).
The month-long operation (1-31 October 2022) involved 19 countries that have been fighting criminal networks that use stolen credit card information to order high-value products from online stores.
The action was coordinated by the European Cybercrime Centre (EC3) of Europol and the Merchant Risk Council and received the direct assistance of merchants, logistics companies, banks and payment card systems.
Although online payments are generally very secure, especially thanks to secure customer authentication methods widely implemented in Europe, criminals are continually altering their techniques to find new ways to steal money.
The eComm 2022 findings have identified the following key threats to the eCommerce sector:
– Phishing fraud, vishing and smishing: stolen credit card numbers are often obtained through phishing/vishing/smishing attacks whereby criminals contact people by phone, text message, messaging apps or email and try to convince them to hand over their credit card information. Sometimes these attacks promise a reward, and other times they impersonate a trusted company or government agency.
– Account takeover fraud: this fraud occurs when a criminal gains access to a user’s account in an e-commerce store. This can be accomplished through a variety of methods, such as purchasing stolen passwords, security codes or personal information on the dark web or successfully implementing a phishing scheme against a particular customer. Once they have gained access to a user’s account, criminals can engage in fraudulent activity. For example, they can change a user’s account details, make purchases in e-commerce stores, withdraw funds and even access other accounts of this user.
– Triangulation fraud: this type of fraud occurs when online criminals set up a fake or replica website and lure buyers with cheap products. Sometimes these fake sites may appear in advertisements or are sent to a user’s email address directing them to the site via an attempt to carry out a phishing attack. The problem is that these goods, in reality, do not exist or, of course, are never shipped.
Through an awareness campaign, European law enforcement has teamed up with Europol and the Merchant Risk Council to share practical advice on how to fend off criminals attempting to abuse the online shopping experience.
The objective of the campaign is to make e-commerce more secure by promoting secure online purchasing methods and helping new merchants to open their online store without the risk of cyber-attacks.
Participating countries and partners are promoting the campaign through their social media channels using the hashtag #SellSafe to help merchants understand the risks of e-commerce fraud.